[TASK] Team Member Permissions

[iclyn-taero]

Problem Users want to manage permissions at the group level in order to increase efficiency and oversight of apps and engines.

Requirements

Assumption: Admins can see all teams created on the platform; non-admins can only see which teams they are apart of

Admin functions:

• Create a new team
• Delete teams --> notifications: will members need to be notified that they were removed from a team because the team no longer exists? will notifications work at the team level?
• View/manage teams
  • manage members of the team (add/delete)
  • manage engines (add/delete/set access level)
  • manage apps (add/delete/set access level)
  • Add app
    1. Team has access to all dependencies
    2. Team does NOT have access to all dependencies --> notification signaling the admin who is setting up the team that an app will not work for the team if there are missing dependencies but will need to confirm that selection or give access to missing dependencies (relationship needs to be coded in there, can't assume it as that will cause a security issue)

Constraints

• Can teams be tied to discoverable/global?
• Can an admin override existing user access to an app? (ie if I have editor access to an app and the admin wants the team to have read-only access, is there a scenario where we want to downgrade someone's access level?)

Figma link https://www.figma.com/file/9gIqLnOoJuVQZCDPOrplXa/Member-%26-Team-Permissions?type=design&node-id=1%3A2&mode=design&t=4LrZyGYVTOzhDf1I-1

[tombetthauser]

Currently Working / Tested:

• Can currently create and delete teams.
• Can manage, add / delete team members
• Can manage, add / delete / set access level for engines and apps. Settings are saved but permissions do not currently effect team member access.

Currently Not Working:

• Adding app does not currently effect team access to app dependencies.
• No notification currently signaling to the team admin that app will not work for members without dependency permissions.
• Team permission settings do not currently seem to effect discoverability.
• Adding project to team does not add project to My Apps etc or make it discoverable for team members.
• Upgrading or downgrading permissions in team does not effect permissions for team members.
• Discoverability and permissions have to be managed for all team members / dependencies individually.
• Dependency permissions in team settings persist in team settings but do not seem to effect or override team member permissions to dependencies.
• Deleting a team does not currently effect dependency permissions for team members.
• Team members do not seem to currently be notified of removal from team or team being deleted.
• Dependency permissions in dependency settings for individual members do not indicate that they may have conflicting permission levels in team settings when applicable.
• There does not seem to be a way to currently resolve conflicts between team permissions and individual member permissions on dependencies.
• editEngineUserPermissions and editProjectUserPermissions might be used to change team member permissions on changes in team settings.
• getProjectUsers, getEngineUsers etc running on individual dependency settings don't seem to return information needed to inform user that dependency may have conflicting permission setting on a team.
• Unclear if deleting a team should remove all permissions if dependency isn't present in other teams or default back to permissions in individual dependency member settings.
• getProjectsForGroup and getEnginesForGroup may not return info needed to cover permission conflicts between multiple teams. Unclear how we would want to handle this.

---

• Confirmed that figma designs are up-to-date.

Potential Options:

• Lock individual dependency permissions for members who are on team with conflicting permissions for dependency and communicate the conflict to user. Would need BE to check for this.
• Give notification / warning when permission conflict / multiple record exists in dependency member settings but allow changes and apply highest level of permission. Would need BE to track multiple permission records and return all or highest permission when dependency is accessed.
• May want warning to appear when project is added with dependencies and ask admin if they wish to add dependencies to team. Or just add them automatically. Need project dependency info from BE, may already have this.

[johbaxter]

@kunal0137 - Was discussed to pass this to USI in sprint call (pk and kunal)

@themaherkhalil FYSA

[tombetthauser]

Potential Tickets

Can create tickets for these if the list looks appropriate. Not sure about priority levels or if we want to consolidate these into a shorter list.

---

1. Team Access to App Dependencies

Adding an app does not currently affect team access to app dependencies.

2. Admin Notification for Dependency Permissions

No notification currently signals to the team admin that the app will not work for members without dependency permissions. Priority might be medium.

3. Team Permission Settings and Discoverability

Team permission settings do not currently seem to affect discoverability. Priority might be high.

4. Project Addition to Team

Adding a project to a team does not add the project to My Apps or make it discoverable for team members. Priority might be high.

5. Permission Upgrades/Downgrades

Upgrading or downgrading permissions in a team does not affect permissions for team members. Priority might be high.

6. Individual Management of Discoverability and Permissions

Discoverability and permissions have to be managed for all team members and dependencies individually. Priority might be medium.

7. Dependency Permissions in Team Settings

Dependency permissions in team settings persist but do not seem to affect or override team member * permissions to dependencies. Priority might be high.

8. Team Deletion and Dependency Permissions

Deleting a team does not currently affect dependency permissions for team members. Priority might be medium.

9. Notification of Team Removal

Team members do not seem to be notified of removal from the team or the team being deleted. Priority might be medium.

10. Conflicting Permission Levels

Dependency permissions in dependency settings for individual members do not indicate that they may have conflicting permission levels in team settings. Priority might be high.

11. Resolution of Permission Conflicts

There does not seem to be a way to currently resolve conflicts between team permissions and individual member permissions on dependencies. Priority might be high.

12. Changing Team Member Permissions

editEngineUserPermissions and editProjectUserPermissions might be used to change team member permissions on changes in team settings. Priority might be medium.

13. Information on Permission Conflicts

getProjectUsers, getEngineUsers running on individual dependency settings don't seem to return information needed to inform the user that dependency may have conflicting permission settings on a team. Priority might be high.

14. Team Deletion and Permission Handling

Unclear if deleting a team should remove all permissions if the dependency isn't present in other teams or default back to permissions in individual dependency member settings. Priority might be medium.

15. Handling Permission Conflicts Across Multiple Teams

getProjectsForGroup and getEnginesForGroup may not return info needed to cover permission conflicts between multiple teams. Unclear how we would want to handle this. Priority might be medium.